pkg:Bitnami/valkey

48 total CVEsCRITICAL4HIGH27MEDIUM12LOW5

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.9CVE-2025-49844Redis Lua Use-After-Free may lead to remote code execution
    from 0, < 7.2.11, >= 8.0.0, < 8.0.6, >= 8.1.0, < 8.1.4
  • CRITICAL9.8CVE-2025-27151redis-check-aof may lead to stack overflow and potential RCE
    from 0, < 7.2.10, >= 7.3.0, < 8.0.5, >= 8.1.0, < 8.1.2
  • CRITICAL9.8CVE-2024-46981Redis' Lua library commands may lead to remote code execution
    from 0, < 8.0.2
  • CRITICAL9.8CVE-2022-35951Redis subject to Integer Overflow leading to Remote Code Execution via Heap Overflow
    >= 7.0.0, < 7.0.5
  • HIGH8.8CVE-2026-25243redis-server RESTORE invalid memory access may allow remote code execution
    from 0, < 7.2.13, >= 8.0.0, < 8.0.8, >= 8.1.0, < 8.1.7, >= 9.0.0, < 9.0.4
  • HIGH8.8CVE-2026-23479redis-server use-after-free in unblock client flow may allow remote code execution
    from 0, < 7.2.13, >= 8.0.0, < 8.0.8, >= 8.1.0, < 8.1.7, >= 9.0.0, < 9.0.4
  • HIGH8.8CVE-2025-46817Lua library commands may lead to integer overflow and potential RCE
    from 0, < 7.2.11, >= 8.0.0, < 8.0.6, >= 8.1.0, < 8.1.4
  • HIGH8.8CVE-2024-31449Lua library commands may lead to stack overflow and RCE in Redis
    from 0, < 7.2.7, >= 8.0.0, < 8.0.1
  • HIGH8.8CVE-2022-24834Heap overflow issue with the Lua cjson library used by Redis
    >= 2.6.0, < 6.0.20, >= 6.2.0, < 6.2.13, >= 7.0.0, < 7.0.12
  • HIGH8.8CVE-2023-36824Heap overflow in COMMAND GETKEYS and ACL evaluation in Redis
    >= 7.0.0, < 7.0.12
  • HIGH8.8CVE-2022-31144Potential heap overflow in Redis
    >= 7.0.0, < 7.0.4
  • HIGH8.8CVE-2021-32762Integer overflow that can lead to heap overflow in redis-cli, redis-sentinel on some platforms
    >= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
  • HIGH8.8CVE-2021-32626Lua scripts can overflow the heap-based Lua stack in Redis
    >= 2.6.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
  • HIGH8.1CVE-2026-23631redis-server Lua use-after-free may allow remote code execution
    from 0, < 7.2.13, >= 8.0.0, < 8.0.8, >= 8.1.0, < 8.1.7, >= 9.0.0, < 9.0.4
  • HIGH8.1CVE-2023-41056Redis vulnerable to integer overflow in certain payloads
    >= 7.0.9, < 7.0.15, >= 7.2.0, < 7.2.4
  • HIGH7.8CVE-2025-32023Redis allows out of bounds writes in hyperloglog commands leading to RCE
    from 0, < 7.2.10, >= 7.3.0, < 8.0.4, >= 8.1.0, < 8.1.3
  • HIGH7.8CVE-2022-24735Lua scripts can be manipulated to overcome ACL rules in Redis
    from 0, < 6.2.7
  • HIGH7.5CVE-2026-27623Valkey has Pre-Authentication DOS from malformed RESP request
    >= 9.0.0, < 9.0.3
  • HIGH7.5CVE-2026-21863Malformed Valkey Cluster bus message can lead to Remote DoS
    from 0, < 7.2.12, >= 8.0.0, < 8.0.7, >= 8.1.0, < 8.1.6, >= 9.0.0, < 9.0.2
  • HIGH7.5CVE-2025-48367Redis DoS Vulnerability due to bad connection error handling
    from 0, < 7.2.10, >= 7.3.0, < 8.0.4, >= 8.1.0, < 8.1.3
  • HIGH7.5CVE-2025-21605Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client
    from 0, < 7.2.9, >= 8.0.0, < 8.0.3, >= 8.1.0, < 8.1.1
  • HIGH7.5CVE-2022-33105Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.
    >= 7.0.0, < 7.0.1
  • HIGH7.5CVE-2023-31655redis v7.0.10 was discovered to contain a segmentation violation.
    >= 7.0.10, < 7.0.11
  • HIGH7.5CVE-2021-41099Integer overflow issue with strings in Redis
    >= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
  • HIGH7.5CVE-2021-32687Integer overflow issue with intsets in Redis
    >= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
  • HIGH7.5CVE-2021-32675DoS vulnerability in Redis
    >= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
  • HIGH7.5CVE-2021-32628Vulnerability in handling large ziplists
    >= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
  • HIGH7.5CVE-2021-32627Integer overflow issue with Streams in Redis
    >= 5.0.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
  • HIGH7.3CVE-2025-46818Redis: Authenticated users can execute LUA scripts as a different user
    from 0, < 7.2.11, >= 8.0.0, < 8.0.6, >= 8.1.0, < 8.1.4
  • HIGH7.1CVE-2025-67733Valkey Affected by RESP Protocol Injection via Lua error_reply
    from 0, < 7.2.12, >= 8.0.0, < 8.0.7, >= 8.1.0, < 8.1.6, >= 9.0.0, < 9.0.2
  • HIGH7.1CVE-2025-46819Redis is vulnerable to DoS via specially crafted LUA scripts
    from 0, < 7.2.11, >= 8.0.0, < 8.0.6, >= 8.1.0, < 8.1.4
  • MEDIUM6.5CVE-2024-31228Denial-of-service due to unbounded pattern matching in Redis
    from 0, < 7.2.7, >= 8.0.0, < 8.0.1
  • MEDIUM6.5CVE-2023-28856`HINCRBYFLOAT` can be used to crash a redis-server process
    from 0, < 6.0.19, >= 6.2.0, < 6.2.12, >= 7.0.0, < 7.0.11
  • MEDIUM6.5CVE-2023-25155Integer Overflow in several Redis commands can lead to denial of service.
    from 0, < 6.0.18, >= 6.2.0, < 6.2.11, >= 7.0.0, < 7.0.9
  • MEDIUM5.9CVE-2021-31294Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifical…
    from 0, < 6.2.0
  • MEDIUM5.5CVE-2023-28425Specially crafted MSETNX command can lead to denial-of-service
    >= 7.0.8, < 7.0.10
  • MEDIUM5.5CVE-2022-36021Redis string pattern matching can be abused to achieve Denial of Service
    from 0, < 6.0.18, >= 6.2.0, < 6.2.11, >= 7.0.0, < 7.0.9
  • MEDIUM5.5CVE-2023-22458Integer overflow in multiple Redis commands can lead to denial-of-service
    >= 6.2.0, < 6.2.9, >= 7.0.0, < 7.0.8
  • MEDIUM5.5CVE-2022-35977Integer overflow in certain command arguments can drive Redis to OOM panic
    >= 6.0.0, < 6.0.17, >= 6.2.0, < 6.2.9, >= 7.0.0, < 7.0.8
  • MEDIUM5.5CVE-2022-24736A Malformed Lua script can crash Redis
    from 0, < 6.2.7
  • MEDIUM4.4CVE-2024-51741Redis allows denial-of-service due to malformed ACL selectors
    from 0, < 8.0.2
  • MEDIUM4.4CVE-2024-31227Denial-of-service due to malformed ACL selectors in Redis
    from 0, < 7.2.7, >= 8.0.0, < 8.0.1
  • MEDIUM4.3CVE-2021-32672Vulnerability in Lua Debugger in Redis
    >= 3.2.0, < 5.0.14, >= 6.0.0, < 6.0.16, >= 6.2.0, < 6.2.6
  • LOW3.6CVE-2023-45145Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.
    >= 2.6.0, < 6.2.14, >= 7.0.0, < 7.0.14, >= 7.2.0, < 7.2.2
  • LOW3.5CVE-2025-46686Redis through 8.0.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user.
    from 0, < 8.0.4
  • LOW3.3CVE-2023-41053Redis SORT_RO may bypass ACL configuration
    >= 7.0.0, < 7.0.13, >= 7.2.0, < 7.2.1
  • LOW3.3CVE-2022-3647Redis Crash Report debug.c sigsegvHandler denial of service
    from 0, < 6.2.8, >= 7.0.0, < 7.0.6
  • LOW3.1CVE-2025-49112setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
    from 0, < 8.1.4